'use strict';
const crypto = require('crypto')
exports.main = async (event, context) => {
	//event为客户端上传的参数
	const secret = '1234' // 自己的密钥不要直接使用示例值，且注意不要泄露
	const hmac = crypto.createHmac('sha256', secret);

	let params = event.queryStringParameters
	const sign = params.sign
	delete params.sign
	const signStr = Object.keys(params).sort().map(key => {
		return `${key}=${params[key]}`
	}).join('&')

	hmac.update(signStr);
	if (sign !== hmac.digest('hex')) {
		throw new Error('非法访问')
	}
	const {
		access_token,
		openid
	} = params
	console.log('access_token : ', access_token)
	console.log('openid : ', openid)
	const res = await uniCloud.getPhoneNumber({
		provider: 'univerify',
		appid: '__UNI__2032A71', // DCloud appid
		access_token: access_token,
		openid: openid
	})
	// 返回手机号给自己服务器
	return res
};